Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform importexport.php sql injection
CVE-2023-4745

9.8CRITICAL

Key Information:

Vendor

Byzoro

Status
Smart S45f Multi-service Secure Gateway Intelligent Management Platform
Vendor
CVE Published:
4 September 2023

What is CVE-2023-4745?

A SQL injection vulnerability has been identified in the Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform, affecting versions up to 20230822. This vulnerability allows an attacker to exploit the /importexport.php file, potentially leading to unauthorized data manipulation and exposure. The attack can be executed remotely and has already been disclosed publicly, posing significant risk to affected systems.

Affected Version(s)

Smart S45F Multi-Service Secure Gateway Intelligent Management Platform 20230822

References

https://vuldb.com/?id.238634
vdb-entrytechnical-description
https://vuldb.com/?ctiid.238634
signaturepermissions-required
https://vuldb.com/?submit.198222
third-party-advisory

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

JackYu (VulDB User)
.